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Abstract. Alternating timed automata on infinite words are considered. The main result 
is a characterization of acceptance conditions for which the emptiness problem for these 
automata is decidable. This result implies new decidability results for fragments of timed 
temporal logics. It is also shown that, unlike for MITL, the characterisation remains the 
same even if no punctual constraints are allowed. 



Timed automata [5] are widely used models of real-time systems. They are obtained from 
finite automata by adding clocks that can be reset and whose values can be compared with 
constants. The crucial property of timed automata is that their emptiness is decidable. 
Some other properties, like universality, are undecidable though. Alternating timed au- 
tomata have been introduced in [161 E2] following a sequence of results [H [21 [21] indicating 
that a restriction to one clock can influence decidability. Indeed, the emptiness and univer- 
sality problems for one clock alternating timed automata are decidable over finite words. On 
the contrary, over infinite words both problems remain undecidable even for automata with 
one clock \25\ 117] . All undecidability arguments rely on the ability to express "infinitely 
often" properties. Our main result shows that once these kind of properties are forbidden 
the emptiness problem is decidable. 

To say formally what are "infinitely often" properties we look at the theory of infinite 
sequences. We borrow from that theory the notion of an index of a language. It is known 
that the index hierarchy is infinite with "infinitely often" properties almost at its bottom. 
From this point of view, the undecidability result mentioned above leaves open the possibil- 
ity that safety properties and "almost always" properties can be decidable. This is indeed 
what we prove here. 

The automata theoretic approach to temporal logics |27j is by now a standard way of 
understanding these formalisms. For example, we know that the modal /i-calculus corre- 
sponds to all automata, and LTL to very weak alternating automata, or equivalently, to 
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counter-free nondeterministic automata [30J. By translating a logic to automata we can 
clearly see combinatorial challenges posed by the formalism. We can also abstract from ir- 
relevant details, such as a choice of operators for a logic. This approach was very beneficial 
for the development of logical formalisms over sequences. 

An automata approach has been missing in timed models for an obvious reason: no 
standard model of timed automata is closed under boolean operations. Event-clock au- 
tomata [7j may be considered as an exception, but the price to pay is a restriction on the 
use of clocks. Alternating timed automata seem to be a good model, although the unde- 
cidability result over infinite words shows that the situation is more difficult than for finite 
sequences. 

The idea of restricting to one clock automata dates back at least to [15J. Alternating 
timed automata were studied in a number of papers [T71 [251 HI E]- Our main result is 
that the emptiness problem for alternating timed automata with one clock and "almost 
always" conditions is decidable. A particular case of such automata is when all the states 
are accepting. This case was considered by Ouaknine and Worrell (2 1 who have shown 
decidability of the emptiness problem under some additional restriction on the form of 
transitions. 

The above mentioned result of Ouaknine and Worrell allowed them to identify a de- 
cidable fragment of MTL called Safety MTL. In the present paper we show that our main 
theorem allows to get a decidable fragment of TPTL [8] with one variable, that we call 
Constrained TPTL. This fragment contains Safety MTL, allows all "eventually" formulas, 
and more liberal use of clock constraints. Its syntax has also some similarities with another 
recently introduced logic: FlatMTL [12U13j . We give some elements of comparison between 
the logics later in the paper. In brief, the reason why Constrained TPTL is not strictly 
more expressive than FlatMTL is that the later includes MITL [6]. This is a sub-logic of 
MTL where punctualilty constraints are not allowed. 

The case of MITL makes it natural to ask what happens to alternating timed automata 
when we disallow punctual constraints. This is an interesting question also because all 
known undecidability proofs have used punctual constraints in an essential way. Our second 
main result (Theorem 15. 2\i , says that the decidability frontier does not change even if we 
only allow to test if the value of a clock is bigger than 1. Put it differently, it is not only the 
lack of punctual constraints, but also the very weak syntax of the logic that makes MITL 
decidable. 

We should also discuss the distinction between continuous and pointwise semantics. In 
the latter, the additional restriction is that formulas are evaluated only in positions when an 
action happens. So the meaning of Fr x=i \a in the continuous semantics is that in one time 
unit from now formula a holds, while in the pointwise semantics we additionally require 
that there is an action one time unit from now. Pointwise semantics is less natural if one 
thinks of encoding properties of monadic predicates over reals. Yet, it seems sufficient for 
descriptions of behaviors of devices, like timed automata, over time [26]. Here we consider 
the pointwise semantics simply because the emptiness of alternating timed automata in 
continuous semantics is undecidable even over finite words. At present it seems that an 
approach through compositional methods |14j is more suitable to deal with continuous 
semantics. 

Our work inserts itself also into the line of research using well-quasi-orders to solve de- 
cidability questions. Particularly close are models of lossy counter machines and their duals: 
machines with incremental errors. Ouaknine and Worrell have shown the undecidability of 



WEAK ALTERNATING TIMED AUTOMATA 



3 



the emptiness problem for ATA over infinite words by reduction to the repeated reachability 
problem for incremental machines with occurrence testing (ICMOT) [23] . While paper [11] 
gives a finer analysis of the complexity of several problems for ICMOT, using well-quasi 
orders it is easy to show that the existence of a computation satisfying "almost always" 
property is decidable for ICMOT. Nevertheless this observation does not imply decidability 
of the same problem for ATA, whose structure is more complicated. It is worth to men- 
tion that checking the existence of a run satisfying "almost always" property is in general 
more difficult than checking reachability. Recall for example that the former problem is not 
decidable for lossy counter machines |18| . while reachability is decidable for this model. 

The depth of nesting of positive and negative conditions of type "infinitely often" is 
reflected in the concept of the index of an automaton. Wagner [28J, as early as in 1977, 
established the strictness of the hierarchy of indices for deterministic automata on infinite 
words. Weak conditions were first considered by Staiger and Wagner [29J. There are 
several results testifying their relevance. For example Mostowski [19] has shown a direct 
correspondence between the index of weak conditions and the alternation depth of weak 
second-order quantifiers. For recent results on weak conditions see [20] and references 
therein. 

The next preliminary section is followed by a presentation of our main decidability 
result (Theorem 13 . X |> . Section |4] introduces Constrained TPTL, gives a translation of the 
logic into a decidable class of alternating timed automata, and discusses relations with 
FlatMTL. The last section presents the accompanying undecidability result (Theorem I5.2j) . 

2. Preliminaries 
A timed word over a finite alphabet £ is a sequence 

w = (a 1 ,t 1 )(a 2 ,t 2 ) ■ ■ ■ 

of pairs from S x M + . We require that the sequence {ij}i=i,2,... is strictly increasing and 
unbounded. If ti describes the time when event cij has occurred then these restrictions 
say that there cannot be two actions at the same time instance and that there cannot be 
infinitely many actions in a finite time interval (non Zeno behavior). 

We will consider alternating timed automata (ATA) with one clock [17]. Let x be this 
clock and let $ denote the set of all comparisons of x with constants, eg. {x < 1 A x > 0). 

A one-clock ATA over an alphabet S is a tuple 

A= {Q,E,q ,8,n : Q->N), 

where Q is a finite set of states and f2 determines the parity acceptance condition. The 
transition function of the automaton 5 is a finite partial function 

i5:QxSx$4 B + (Q x {nop, reset}), 

where B + {Q x {nop, reset}) is the set of positive boolean formulas over atomic propositions 
of the form T, _L, and (q, /) with q 6 Q and / E {nop, reset}. 

Intuitively, automaton being in a state q, reading a letter a, and having a clock valuation 
satisfying 9 can proceed according to the positive boolean formula S(q, a, 9). It means that if 
a formula is a disjunction then it chooses one of the disjuncts to follow, if it is a conjunction 
then it makes two copies of itself each following one conjunct. If a formula is "atomic", i.e., 
of the form (q, reset) or (g, nop) then the automaton changes the state to q and either sets 
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the value of the clock to or leaves it unchanged, respectively. To simplify the definition 
of acceptance there is also one more restriction on the transition function: 

(Partition) For every q G Q, a G X and v G M.+ , there is at most one 9 s.t. 
S(q,a,6) is defined, and v satisfies 9. 
It is easy to transform an automaton to this form. 

The acceptance condition of the automaton determines which infinite sequences of states 
(runs of the automaton) are accepting. A sequence 91,92, ■■ ■ satisfies: 

• weak parity condition if mm{Q(qi) : i = 1, 2, . . . } is even, 

• strong parity condition if liminfj = i 5 2,... Q(qi) is even. 

Observe that the difference between weak and strong conditions is that in the weak case 
we consider all occurrences of states and in the strong case only those that occur infinitely 
often. In this paper we will mostly consider automata with weak conditions. Whenever we 
will be considering strong conditions we will say it explicitly. 

For an alternating timed automaton A and a timed word w = (ai, t±)(a2, £2) • • • we 
define the acceptance game Gji, yW between two players: Adam and Eve. Intuitively, the 
objective of Eve is to accept w, while the aim of Adam is the opposite. A play starts at the 
initial configuration (90,0). It consists of potentially infinitely many phases. The (/c+l)-th 
phase starts in vj~), ends in some configuration (9^+1, ffc+i) and proceeds as follows. Let 
v' := v + tk+i — tk- Let 6 be a unique (by the partition condition) constraint such that v' 
satisfies 9 and 5(qk,ak+i,9) is defined; if there is no such 6 then Eve is blocked. Now the 
outcome of the phase is determined by the formula b = 5(qk, ak+i,9). There are four cases: 

• b = b\ A 62 : Adam chooses one of sub formulas 61 , 62 and the play continues with b replaced 
by the chosen subformula; 

• b = b\ V 62: dually, Eve chooses one of subformulas; 

• b = (q,f) G Q x {nop, reset}: the phase ends with the result (qk+i,Vk+i) := (q,f(v r )) 
and a new phase starts from this configuration; 

• b = T, _L: the play ends. 

The winner of such a play is Eve if she is not blocked, and the sequence ends in T, or it 
is infinite and the states appearing in the sequence satisfy the acceptance condition of the 
automaton. 

Formally, a play is a finite sequence of consecutive game positions of the form {k, q, v) 
or (k,q,v,b), where k is the phase number, b a boolean formula, 9 a location and v a 
valuation. A strategy of Eve is a mapping which assigns to each such sequence ending in 
Eve's position a next move of Eve. A strategy is winning if all the plays respecting the 
strategy are winning. 

Definition 2.1 (Acceptance). An automaton A accepts w iff Eve has a winning strategy 
in the game Gj^ )W . By L(A) we denote the language of all timed words w accepted by A. 

The Mostowski index of an automaton with the, strong or weak, acceptance con- 
dition given by Q is the pair consisting of the minimal and the maximal value of 
(min(il(<5)), m&x(£l(Q))) . We may assume without a loss of generality that mm(Q(Q)) G 
{0, 1}. (Otherwise we can scale down the rank by Sl(g) := £l(q) — 2.) Automata with strong 
conditions of index (0, 1) are traditionally called Biichi automata and their acceptance con- 
dition is given by a set of accepting states Q + C Q; in our presentation these are states 
with rank 0. 
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3. Decidability for one-clock timed automata 

We are interested in the emptiness problem for one clock ATA. As it was mentioned in 
the introduction, the problem is undecidable for automata with strong Biichi conditions 
(strong (0, 1) conditions). Here we will show a decidability result for automata with weak 
acceptance conditions of index (0, 1). 

Theorem 3.1. It is decidable whether a given one-clock alternating timed automaton with 
weak (0, 1) condition accepts some non Zeno timed word. The complexity of the problem is 
non-primitive recursive. 

The lower bound for the complexity holds already for automata over finite words |17j . 
So in the rest of this section we give a decidability proof. 

Before we start, it will be useful to make a couple of remarks that allow to restrict the 
form of automata. A weak (0, 1) automaton can be also presented as an automaton with 
a strong (0, 1) condition where all transitions from an accepting state, state of rank 0, go 
only to accepting states. Indeed, once the automaton sees a state of priority then any 
infinite run is accepting (but there may be runs that get blocked). In the following we will 
write Q+ for accepting states and Q_ for the other states. For automata presented in this 
way the strong (0, 1) condition says simply: there are only finitely many states from Q_ 
in the run. So the automaton accepts if Eve has a strategy to reach T, or to satisfy this 
condition. 

We can also make some restrictions on a form of the transition function. We can require 
that every boolean formula that appears as a value of the function is in a disjunctive normal 
form. Moreover, we can eliminate the J_ and T propositions. Proposition _L can be simulated 
by a state q± from which there is no transition, and T by an accepting state q~i on which 
the automaton loops on all letters. Observe that this is fine as we have put no restriction 
on transitions going to accepting states. Finally, we can assume that every disjunct of every 
transition of A has some pair with reset and some pair with nop. This can be guaranteed 
by adding conjuncts (g-r,nop) and (qj, reset). 

To fix the notation we take a one clock ATA in a form as described above: 

A = (Q,X,q ,6,Q+ CQ). 

This means that for every q, a, and 9, the formula 5(q, a, 6) is in a disjunctive normal form; 
every disjunct contains a pair with nop and a pair with reset; there are no T or _L; if 
q £ Q+ then only states from Q + appear in the formula; 

Our first step will be to construct some infinite transition system 71(A), so that the 
existence of an accepting run of A is equivalent to the existence of some good path in H(A). 
In the second step we will use some structural properties of this transition system to show 
decidability of the problem stated in the theorem. 

3.1. An abstract transition system. The goal of this subsection is to define a transition 
system H(A) such that existence of an accepting computation of A is reduced to existence 
of some special infinite path in H(A) (Corollary I3.9|) . This system will be some abstraction 
of the transition system of configurations of A. While 7i(A) will be infinite, it will have 
some well-order structure and other additional properties that will permit to analyze it. 

First, consider an auxiliary labeled transition system <S(*4) whose states are finite sets 
of configurations, i.e., finite sets of pairs (q,v), where q G Q and v € M+. The initial 
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position in S(A) is Pq = {(qo,0)} and there are transitions of two types P P' and 

P <—} P' . Transition P <—t P' is in S(A) iff P' can be obtained from P by changing every 

configuration (q, v) G P to (q,v + t). Transition P A P' is in 5(»4) iff P' can be obtained 
from P by the following nondeterministic process: 

• First, for each (q, v) G P, do the following: 

— let b = 8(q, a, 6) for the uniquely determined 9 satisfied in v, 

— choose one of disjuncts of b, say 

(gi,ri) A • • • A (q k ,r k ) (k > 0), 

— let Next(q,v) = {(qi,Vi(v)) :i = l...k}. 

• Then, let P' := \J( q , v )eP Next (<Z, 

Observe that there may be no P' such that P A P' because for some (<?, u) G P the value 
S(q,a,9) required above is not defined. 

Definition 3.2. We will call a sequence Po,Pi, ... of the states of S(A) accepting if the 
states from Q_ appear only in a finite number of Pj. 

Lemma 3.3. A accepts an infinite timed word (ao, to)(&i> ti) ■ ■ ■ iff there is an accepting 
sequence in S(A): 

„ to „ ao „ *i ai 

P ^ Pi ^ P 2 ^ P 3 ^ P 4 • • • 

Proof. The right to left implication is obvious. For the left to right implication, recall that 
acceptance of a word by an automaton is defined as existence of a winning strategy for Eve 
in the acceptance game. This is a game with Biichi conditions, so if Eve has a winning 
strategy, then she has a memoryless winning strategy. This strategy gives a run of the form 
required by the lemma. □ 

Our next goal is to remove time labels on transitions. But we cannot just erase them, 
as then we will not be able to say if a word is Zeno or not. We start by introducing regions. 

Let d max denote the biggest constant appearing in 5, i.e., the transition function of the 
automaton. Let set reg of regions be a partition of into 2 • (d max + 1) sets as follows: 

reg:= {{0}, (0, 1), {1}, (1, 2), . . . , (d max - 1, d max ), {d max }, (d max , +oo)}. 

There are three kinds of regions: bounded intervals (denoted regj), one-point regions (de- 
noted regp), and on6 unbounded interval {dmax^ 

+oo). We will use the notation X, for the 
region (i — l>i)- In a similar way, loo will stand for (d maxi +00). For v G R + , let reg(f) 
denote the region v belongs to; and let f ract(w) denote the fractional part of v. 

Let us try to give an intuition behind the way time information will be eliminated. 
Recall that a state P is a finite set of pairs (q,v). If v G loo then the precise value of v 
does not matter from the point of view of the automaton. For other values it is important 
to look at their fractional parts. Among all v appearing in P take the one with the 
biggest fractional part. Then, by making the time pass we can get v to a new region without 
changing the regions of valuations with smaller, but positive, fractional parts. Intuitively 
this is the smallest delay that makes a visible change to P. We will introduce a special label 
to signal when time progresses in this way. As integer valuation would force us to introduce 
a cumbersome case distinction we will set things so that they can be avoided. 

These remarks lead us to consider a new alphabet: 

S = SU {(delay, e)} U ({delay} x S), 
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and three new kinds of transitions. 

Transition on a will do the action and make some time pass without any valuation 
changing the region. 

P —> P' if P A- Pi A P' for some Pi, and ti > such that for every 
(g, v) G P, the value u + ti is in the same region as v. 
For a transition on a letter (delay, e), pick a valuation u among these with reg(-u) ^ 1^ 
with a maximal fract(u). The transition will make the time pass so that v goes to the next 
interval region but all valuations with smaller fractional parts do not change their regions: 

P (de i^' £) p> if p A p' x A p' for some p' x an( i tx ,t 2 > such that there 
is (q, v) £ P, with u + ti being an integer and v + ti + i 2 m the following 
interval region. Moreover, for all (q',v') € P if fract(u) 7^ fract(v') then 
the value 7/ + t\ + t 2 is in the same region as v' . 
Finally, we come to the most complex (delay, a) transition. Even though we did not 
allow transitions (delay, e) to reach one-point regions, it is still important to be able to 
execute actions in those regions. A transition on (delay, a) permits to reach a one-point 
region, execute the action, and leave the region. 

P (de ^' a) pi if p A p 1 A P 2 4 P' for some P 1 ,P 2 and h,t 2 > such that 
there is (q, v) € P, with v + ti being an integer and v + ti+t 2 in the following 
interval region. Moreover for all (q',v') 6 P if fract(w) 7^ fract(v') then 
the value v' + t\ + i 2 is in the same region as 7/. 
The following lemma shows that with a new alphabet we can replace non Zeno condition 
by a simple infinitary condition. 

Lemma 3.4. There is a non Zeno accepting sequence in S(A): 

„ to „ ao „ ti ai 

P ^ Pi ^ P 2 ^ P 3 ^ Pa ■ ■ ■ 

iff there is an accepting sequence 

p J^L p' 0-1 v p' 
P] — ► -fi — ► ^2 • • • > 

where <7o>°i> ■ • • € S and (delay, •) letters appear infinitely often in the sequence. □ 

The next step in the construction is to abstract from valuations in the states of the 
transition system. Intuitively, we will replace every valuation by its region. To compensate 
for erasing fractional parts, we will also keep information about the relative order between 
them. With the construction described in the definition below the states become words 
from 

A} • Aoo, 

where A/ = V(Q x reg 7 ) and = V(Q x {00}). 

Definition 3.5. For a state P of S(A) we define a word H(P) from A} • as the one 
obtained by the following procedure: 

• replace each (q,v) G P by a triple (q, reg(v), f ract(-u)} if v < d max (this yields a finite 
set of triples) 

• sort all these triples w.r.t. fract(w) (this yields a finite sequence of triples) 

• group together triples having the same value of f ract(v) (this yields a finite sequence of 
finite sets of triples) 
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• forget fract(v), that is, change every triple (q, reg(v), f ract(f)} into a pair (q, reg(v)) 
(this yields a finite sequence of finite sets of pairs, a word in A* T ). 

• Add at the end the letter ({q : (q,v) G P, v > dmax},!^) G Aqo- 

Finally, we can define H{A). 

Definition 3.6. H(A) is a transition system which has AJ x Aqo as a set of configurations, 
and for every letter a G E there is a transition c — > d if there are states P,P' of S(A) 
such that P -A P' and F(P) = c, iJ(P') = c'. 

Direct examination of the definition gives us the following. 

Lemma 3.7. If H{P{) = H(P 2 ) and Pi P[ then P 2 P' 2 with H(P{) = H(P^). □ 

Definition 3.8. We say that a path (equivalently: run, computation) in %{A) is good, if it 
passes through infinitely many transitions labeled by letters (delay, ■). We say that a path 
(equivalently: run, computation) in %{A) is accepting, if it is good and passes through only 
finitely many configurations containing states from Q^. 

Corollary 3.9. A accepts an infinite non Zeno timed word iff there is an accepting path in 
%{A) starting in configuration ({(q ,li)}, {0, ioo}). 

Proof. A accepts a non Zeno word iff there is a path in S(A) satisfying the acceptance 
condition. By Lemma 13.41 it is equivalent to having a good path in S(A) with transitions 
from the alphabet E satisfying the acceptance conditions. Lemma 13.71 implies that this is 
equivalent to having an accepting path in H(A). □ 

We finish the section with a more explicit characterization of transitions in %{A) that 
will be used extensively in the decidability proof. The characterisation is spelled out in the 
next three lemmas whose proofs are obtained directly from the definitions. 

Lemma 3.10. Consider a state (Ai . . . A&, A^) ofH(A). Ifk = then there is no (delay, •) 

transition from this state. Otherwise let \' k = {(g,X^ +1 ) : d < d max , (q,Id) 6 ^k} a nd 
A^o = Aoo U{ ((^Xqo) : (Q)3-d max ) ^ Afc} . InT-L(A) there is exactly one transition on (delay, e): 

(Ai ...A fc ,Aoo) (d ^' e (X' k X 1 ...X k _ 1 ,X' OQ ) ifX' k ^$, 

(Ai ...A fc ,Aoo) (d ^.' e) (Ai ...A fc _i,A'oo) otherwise. □ 

In order to describe transitions of ~H(A) on an action a, we define an auxiliary notion of 
a transition from A G V(Q x reg). By the partition condition, for every (q,r) G A there is 
at most one constraint 9 such that every valuation in r satisfies this constraint and 5(q, a, 9) 
is defined. We choose a conjunct from 5(q,a,9): 

(<7i,nop) A • • • A (<#, nop) A (q[, reset) A • • • A (q' m , reset). 

From this choice we can obtain two sets: Next(g, r) = {(qi,r), . . . , (qi,r)} and Nexto(<?, r) = 
{(q' l ,l 1 ),...,(q' m ,X 1 )}.Wepnt 

A -^*4 (A', 7'), where 

A' = Next(q,r) and 7'= Nexto(q,r). 

(q,r)e\ (q,r)e\ 

Observe that there are as many transitions — — > from A as there are choices of different 
conjuncts for each pair (q, r) in A. In particular there is no transition if for some pair 
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the transition function of the automaton is not defined. Notice also that the clock after 
reseting, described by elements of 7', is in interval I\, not in {0}; this is because we describe 
a transition of the original automaton followed by a small time elapse. 

Lemma 3.11. In ~H(A) transitions on an action a have the form 

(Ai . . . A fc , Aoo) — > (7'A'j . . . X' k , A^), 

where Aj OMjTD an ^ 7' = U l\ (f or i = 1, • • • ,k,oo). □ 

Note that neither 7' nor any of A^ may be empty. 

Finally, we have the most complicated case of (delay, a) action. 

Lemma 3.12. In T~L{A) the transitions on an action (delay, a) have the form 

(Ai . . . A fe , Aoo) (de ^> a) (7'Ai . . . \' k _ x , A'4), 
where the elements on the right are obtained by preforming the following steps: 

• First, we change regions in \ k . Every pair (q,Id) G A& becomes (q, {d}). Let us denote 
the result by X k . 

• For i = 1, ...,k, 00 we take A-,7j' such that: X\ (^fc>7fc) an ^ ^» (K^i) f or 
i f k. 

• We again increase regions in X' k : from {d} they become Id+l> or 1^ if d = d max . 

• We put i = U7i U {(q,l d ) ■ (?,{<*}) G X' k ,d < d max } and A'4 = A'^ U {(q,!^) : 
(q,{dmax}) G A'J. □ 

We write c — )• c', c ^ — 5' ^ c', c ^> c', c ^> c' to denote that we may go from a configuration c 
to c' using one transition, one transition reading a letter of the form (delay, •), any number 
of transitions or any number of transitions reading only letters from S, respectively. 



3.2. Finding an accepting path in Ti(A). Here we overview the decision procedure, 
which is described in details in the next subsections. By Corollary 13.91 our problem reduces 
to deciding if in 7i(A) there is a good path with only finitely many appearances of states 
from Q^. The decision procedure works in two steps. In the first step we compute the 
set G of all configurations of 7i(A) from which there exists a good path. Observe that if a 
configuration from G has only states from Q + then there exists an accepting run from this 
configuration. So, in the second step it remains to consider configurations that have states 
from both Q_ and Q+. This is relatively easy as an accepting run from such a configuration 
consists of a finite prefix ending in a configuration without states from Q_ and a good run 
from that configuration. Hence, there is an accepting run from a configuration iff it is 
possible to reach from it a configuration from G that has only Q + states. Once we know 
G, the later problem can be solved using the standard reachability tree technique. 



3.3. Computing accepting configurations. We start with the second step of our pro- 
cedure as it is much easier than the first one. We need to decide if from an initial state 
one can reach a configuration from G having only Q + states. We can assume that we are 
given G but we need to discuss a little how it is represented. It turns out that there are 
useful well-quasi-orders on configurations that allow to represent G in a finitary way (Corol- 
lary EESD 
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A well- quasi- order is a relation with a property that for every infinite sequence ci, C2, . . . 
there exist indexes i < j such that the pair (cj, Cj) is in the relation. 

The order we need is the relation, denoted over configurations of T~L(A): we put 
(Ai . . . Xk, Aoo) X (A^ . . . A' fc/ , A^) if Aqo C A'^ and there exists a strictly increasing function 
/ : {1, . . . , k} — >• {1, . . . , k'} such that Aj C A^^ for each i. Observe that here we use the fact 
that each Aj is a set so we can compare them by inclusion. This relation is somehow similar 
to the relation of being a subsequence, but we do not require that the corresponding letters 
are equal, only that the one from the smaller word is included in the one from the greater 
word. The first property of this order is proved by a standard application of Higman's 
lemma. 

Lemma 3.13. The relation X is a well- quasi- order. □ 

The following shows an important interplay between < relation and transitions of %{A). 

Lemma 3.14. Let c\, c[, C2 be configurations ofH(A) such that c[ ^ c\. Whenever c\ -» c 2 , 
then there exist c' 2 ^ C2 such that c[ -» c' 2 and the second computation has the length not 
greater than the first one. Similarly, when from c\ there exists a good computation, then 
from c^ such a computation exists. 

Proof. For the first statement of the lemma we will simulate one transition from c\ by at 
most one transition from c[ . If c\ C2 then directly from Lemma 13.111 it follows that 

there is c 2 ^ C2 such that C2 c' 2 . When c\ ^ — ^ C2 we have two cases depending on 
the relation between one before last element of the two configurations. To be more precise, 
suppose that c\ = (Ai . . . A&, Aqo) and c[ = (X[ . . . X' k ,, A^). If X' k , C Xk then we may do 
(delay, e) from and we get c 2 ^ C2. Otherwise already c[ ^ C2, we do not do any action 
and take c' 2 = d x - Similarly for (delay, a): either we match it with (delay, a) or just with 
a. An obvious induction gives a proof of the first statement. 

For the second statement we need to show that the computation from c' t obtained by 
matching steps as described above is good (if the one from c\ has been good). This is not 
immediate as we remove some (delay, •) letters in the matching computation. 

Fix a good computation from c\. Let C2 be a configuration in a computation starting 
from ci, and let c 2 be the corresponding configuration in the matching computation from 
c'i- To arrive at a contradiction assume that there are no delays after c 2 . Let us denote 
c 2 = (X[ . . . X' k ,, X'cq) and C2 = (Ai . . . A&, Aqo). Because c' 2 H C2, we know that A^., is covered 
by some Aj, i.e., X' k , C Aj. Let us take the biggest possible i. If some a-action is done 
from C2 then it is matched by an a-action from c 2 , and for the resulting configurations 
the inclusion is preserved. This can happen only finitely many times though, as there are 
infinitely many (delay, •) actions after ci. If a (delay, •) action is done from C2 and i = k 
then it is matched by a (delay, •) action from c 2 , a contradiction with the choice of Cj. If 
i < k then the element A^,, is left on its position in c 2 , while in C2 we remove A^, hence Aj 
covering X' k , gets closer to the end of the sequence. Repeating this argument, we get that 
the covering Aj finally becomes the last element and the previous case applies. □ 

Corollary 3.15. The set G is downward closed, so it can be described by the finite set of 
minimal elements that do not belong to it. □ 

As we have mentioned before, there is a good accepting computation from a configura- 
tion iff it is possible to reach from it a configuration from G that has only Q + states. The 
following lemma says that this property is decidable. 
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Lemma 3.16. Let X be a downward closed set of configurations ofH(A), represented by 
the (finite) set of all its minimal elements. It is decidable whether from a given configuration 
one can reach a configuration in a given set X that has only states from 

Proof. We will use a standard reachability tree argument. The reachability tree is a tree 
in which the initial configuration is in the root, and every configuration has as children 
all configurations that may be reached by reading one letter. The algorithm constructs a 
portion t of the tree according to the following rule: do not add a node d to t in a situation 
when among its ancestors there is some c < d . Each path of t is finite because < is a 
well-quasi-order. Furthermore, since the degree of every node is finite, t is a finite tree. 
Then we check t for a configuration from X without states from 

We only need to prove that, if in the whole reachability tree there is a configuration as 
above (which means that T~L(A) may accept), then there is also some in t. Let c be such a 
configuration reachable from the initial configuration of %{A) by a path tt of the shortest 
length. Assume that c is not in t, i.e. there are two nodes on tt, say c\ and C2, such that c\ 
is an ancestor of C2 and c\ -< C2 (i.e. C2 was not added to t). Then from Lemma 13.141 there 
exists c' ^ c that may be reached from c\ and the path from c\ to d will be not longer than 
that from C2 to c. So the path leading to d from the initial configuration is strictly shorter 
than tt. Moreover, as d -< c and X is downward closed, we immediately deduce that d £ X, 
and d does not contain states from Q- which is a contradiction. □ 

3.4. Computing G. In this subsection we deal with the main technical problem of the 
proof that is computing the set G of all configurations from which there exist a good 
computation. We will actually compute the complement of G. While we will use well- 
orderings in the proof, standard termination arguments do not work in this case. We will 
need to examine more closely the definition of 7i(A) an in particular the mechanics of its 
transition as described in Lemmas 13.101 13. 11\ and 13.121 
We write X^ for an upward closure of set X, 

Xt= {c : 3 c > e xc 1 c}. 

Observe that by Corollary 13.151 the complement of G is upward closed. 

Let set pre^ elaj (respectively pre^,) contain all configurations, from which after reading 
any letter (delay, •) (any number of letters from £), we have to reach a configuration from 
X, 

prel^X) = {c : V c ,(c d => d € X)}, 

pre\,{X) = {c : V c ,(c ^ d => d G X)}. 

Now we can use these pre operations to compute a sequence of sets of configurations 

Z_l = 0, Zt = pre\, (pre^ elay (^_!t)). 

It is important that we may effectively represent and compare all the sets Z{\. Because 
the relation ^ is a well-quasi-order, any upward closed set Xf may be represented by finitely 
many elements ci,...,Cfc (called generators) such that X\= {ci, . . . , c^jt- Moreover, an 
easy induction shows that Zj_ifC Z{\ for every i (because both j?re v operations preserve 
inclusion). Once again, because relation ^ is a well-quasi-order, there has to be i such that 
Zi-\[= Z{[. Let us write Z^ for this Zj. 
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First, we show that is indeed the complement of G. 

Lemma 3.17. There is a good computation from a configuration c iff c ^ Zoot- 

Proof. (=^) We show by induction that c ^ Zi for i = — 1,0,1.... For z = — 1 it is obvious. 
Assume for contradiction that there exists a good computation from c, but c £ Z{\. Then 
there exists c' -<c with c' 6 Zi. From Lemma f3.14l we know that a good infinite computation 
exists also from c'. This computation may first read some letters from S, but finally it has 
to read a letter (delay, ■), that results in a configuration C2- Definition of Zi tells us that 
C2 £ Zi_i\. But from C2 there is also a good infinite computation, a contradiction. 

(<^=) Assume that every computation (finite or infinite) from c reads at most k letters 
(delay, •). An easy induction on k shows that c € Z k . □ 

To compute Z^ it is enough to show how to compute Z{[ from Zi_\[. This is the most 
difficult part of the proof that will occupy the rest of the subsection. Once this is done we 
will calculate all the sets Z{\, starting with Z_i = and ending when Zi_\\= Z{\. 

The main idea in calculating pre^*(pre^ elay (X)) is that the length of its generators 
may be bounded by some function in the length of generators of X. This is expressed by 
the following lemma. 

Lemma 3.18. Given an upward closed set X we can compute a constant D{X) (which 
depends also on our fixed automaton A) such that the size of every minimal element of 
pre^*(pre^ elaj (X)) is bounded by D(X) 

Once we know the bound on the size of generators, we can try all potential candidates. 
The following lemma shows that it is possible. 

Lemma 3.19. For every upper-closed set X, the membership in pre^* (pre^ elaj (X)) is 
decidable. 

Together Lemmas 13.181 and 13.191 allow us to compute the sequence Zo, Z\ , . . . , Z^ and 
hence also G. 

To finish the proof of the theorem, it remains to give proofs of the two lemmas. The 
first is substantially more complicated, and will occupy most of the space, while the second 
we will get as a rather simple corollary. In the first proof, we will calculate separately 
bounds for pre^ elgLj (X) and for pre\* (X). In the sequel we will need to use some special 
representation for sets of configurations. 

Definition 3.20. A compressed configuration has a form 

c = (Ai . . . \i,f, Aoo), 
where Aj € A/, A^ € A ro and / : Aj — > 'P(Aj) (values of / are subsets of A/). 

On compressed configurations we introduce an expansion operation parametrized by 
words from AJ. 

Definition 3.21. A compressed configuration c = (Ai . . . A;, /, Aqq) may be expanded 
in a context of some word \® . . . A^ € A}, giving as a result the set of configurations 
(Ai . . . Xi\' l+l . . . \' l+k , Aoo) such that G /(A°) for 1 < % < k. We will use exp(c, A? . . . X° k ) 
to denote the set of obtained configurations. Similarly, if C is a set of compressed configu- 
rations we write Exp(C, \® . . . A°) for [j{exp(c, A? • • • A°) : c € C}. 
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Observe that the value /(A) for A not appearing in A^ . . . A2 does not matter; moreover 
if some /(A°) = then the result of expanding is the empty set. 

We use compressed configurations, because the set of successors of a configuration may 
be described by a bounded number of compressed configurations. This is not true for 
ordinary configurations due to nondeterminism. For example, when there is more than one 
choice of a transition on action a form a letter A then every occurrence of A in a configuration 
may make a choice independently, so the number of successor configurations grows with the 
number of occurrences of A in a configuration. 

Let us see how to calculate pre^ elay (X). Some care is needed as this set is not upward 
closed with respect to the ^ relation. This is because the a (delay, •) action treats the 
one before the last element of a configuration in a special way. So if something is inserted 
after X k in (Ai . . . Afc, Aqo) then the delay operation uses this inserted element instead of 
Afc. As a side remark let us mention that using the upward closure of pre^ elay (Zj_it) in the 
definition of Zi would be incorrect (Lemma 13 . 1 71 would not be true). 

To remedy this problem we use a refined relation < r . Given two configurations d = 
(X[ . . . X' k /,X'oo) an d c = (Ai . . . Afc, Aqo) we set 

c -< r c iff k' > 0, c ■< c and X k , C X k 

Note that the set pre\ el&y {X) is upward closed with respect to relation when X is 

upward closed with respect to X. This is because if c[ < r c\ and c\ ^ — V ^ C2 then also 

d x — \ d 2 with some d 2 ^ c^. Hence, if c\ g" pre^ el&y (X) then c[ pre^ elay 

The following lemma tells us that successors of a configuration may be described using 
compressed configurations and that there are not too many of them. 

Lemma 3.22. For every configuration cq = (Ai . . . Afc,Aoo), k > there exists a finite set 
of compressed configurations C(X k , Aqo) (depending only on X k and Xoq) such that: 

• if cq 1 " — V c then c G Exp(C(X k , Xoq), X\ . . . A&_i); 

• if c G Exp(C(X k , Aqo), Ai . . . X k _\) then cq ^ — V ^ d for some d < c. 

Proof. The transition on (delay, e) is deterministic. If cq ^ — \' ^ d then we either have 
d = {X' k X\ . . . Afc_i, A^) or d = {X\ . . . Afc_i, A^) depending on A^. In the first case we add 
c = (A' fc , sgl, A^) to C(Afc,Aoo), in the second case c = (e, sgl, A'^), where sgl(A) = {A}. In 
both cases exp(c, X\ . . . X k -i) = {d}. 

Now consider transitions reading (delay, a). A result of this transition is not unique and 
depends on the choice of a transition for each element of the configuration. We fix a set T of 
transitions A —} A (A', 7'); intuitively these are allowed transitions from Ai, . . . , X k ~i- We 

also fix transitions X k — > A {^- k -,l'k) an( ^ ~~^A {^'ooil'oo) (where A^. is X k with increased 
regions as in Lemma l3.12p . This choice of transitions gives us a compressed configuration 
c = (7,/, where 

7 = Ik U iL U {(q,X d +l) ■ (q, {d}) G X' k , d < d max } 
U J{ 7 ' : (A -*+ A (A',70)GT,AGA 7 }, 

/(A)=|J{A':(A (A',7'))€T}, 
A'4 =A' oc U {(g,Xoo) : (q, {d max }) G X' k }. 
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We add c into C(Xk, Xoo)- 

We now show that the constructed C(Xk,Xoo) has the required properties. Consider a 
successor c of cq that is reached using the transitions we have fixed. In particular, we require 
that each transition from T is used at least once. Take c as calculated above. Directly from 
the definition we get c <G exp(c, X\ . . . A^_i). As the choice of transitions was arbitrary, this 
gives the first statement of the lemma. 

Now consider c = (7A1 . . . A^._ l5 A'^,) G exp(c, X\ . . . X^-i) where c = (7, /, A'^,) is ob- 
tained by a choice of some T and some transitions from A^. and Aqo. For every i let us 
choose some transition Aj —>a (K^i) f rom 7~ (there is at least one such transition in T 
because A- G /(Aj)). Take d = (7^ . . . A'^, A'^) where 

V = l'k U l'oo U {(<?,Zd+i) = (9, {<*}) GA[,d< d max ] U |J 7,' 

l<i<fc-l 

Then 7' C 7 so d < c. It is easy to check that there is a transition Co < - de J^' a - ) c '. r~j 

We need to find all minimal elements of pre^ elay (Zj_i f). The following lemma will 
allow us to get a bound on their size. 

Lemma 3.23. For a piuen C and a set X upward closed with respect to the -< r relation 
there exists a constant B(X, C) (and we may compute it) such that if for some X® . . . A° 

Exp(C,X 1 ...X° k )CX 

then there exist 1 < i\ < ■ ■ ■ < i rn < k, m < B(X, C) with 

Exp(C,X il ...X i JCX. 

Proof. First suppose that C is a singleton {c}; where c = (X± . . . Xi, f, X^). We describe a 
construction of a finite automaton A~ accepting the language 

= {X' 1 ...X' k :exp(c,X[...X' k )CX}. 

Recall that X is an upward closed set with respect to < r relation. This implies that L~ is 
upward closed with respect to the standard subsequence relation C. It is easy to check that 
for every letter A G A/, if L C A} is C-upward closed then the quotient L/Xis also C-upward 
closed. Moreover L C L/X, as if w G L then aw <E L that implies w; G L/A. Because C is a 
well-quasi-order, this last property implies that the set of all possible quotients of L~ , i.e. 
the languages L~ /w for u> G A*j, is finite. These quotients are the states of A~ we were 
looking for. Indeed A^ is the minimal deterministic automaton for L~ . Take B(X, {c}) to 
be the size of the automaton. From the pumping lemma it follows that if the word A° . . . X k 
is accepted by A~ then there is a subsequence of length < B(X, {c}) accepted by A~ . 

Now consider a general situation. For every c G C from above we have some subse- 
quence A° . . . A° m of length m < -B(A, {c}), such that exp(c, A° . . . A^ ) C X. We take all 

the elements from all these subsequences, getting a subsequence of length < B(X, C) := 
. qB(X, {c}) such that all the inclusions hold. □ 
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The above two lemmas allow to compute a bound on the size of minimal elements in 

^eLay(^-lt)- 

Lemma 3.24. There is an algorithm that given X\ computes a constant Md e i a y(X^) such 
that the size of every minimal element of pre^ el (Xf) is bounded by Md e i ay (X'\). 

Proof. There are only finitely many different C(X] C , Aqo) as constructed in Lemma [3.221 Let 
Mdeiay be the maximal possible value of B(X^ , C(A&, Aqo))- 

Suppose Co = (Xi ■ ■ . X k , Ago) is a minimal element of pre^ elaj (X 7) . Take the set 

d(X° k , A°J as given by Lemma EEZS We have that Exp(d{X° k , AgJ, A? . . . Ag_j) C X\ by 
the second statement of this lemma. From Lemma 13.231 we get a subsequence X[ . . . X\ 
of Xi . . . X k _ 1 whose length is bounded by B(X 7, C(A°, Ago)) < M^iay an d such that 
Exp(d(\l,\% 3 ),X l ...\' l ) C I|. By the first statement of Lemma [OS we get that 
(Ai . . . A^, A",) G prel el&y {X\). By the minimality of c , we get that c = (X[ . . . X\X k , Ago), 
so its length is bounded by Mdeiay + 2. □ 

Now we describe how to calculate pre\» (V)7 for any set Y upward closed with respect 
to < r relation. The first lemma says that we may represent successors using compressed 
configurations. 

Lemma 3.25. For every compressed configuration cq there is a set of compressed configu- 
rations C(cb) (and we may compute it) such that for every X® . . . X k 

• if co G exp(co, X® . . . X k ) and cq —> c for some a G £, then c G Exp(C(co), A? . . . A^); 

• if c € Exp(C(co), Xi . . . A^), then cq c' for some c' < r c, a G £ and some Co G 
exp(co,A?...A^). 

Proof. Let Co = (Ai . . . A/, /, Aoo). Fix a letter a G S. We fix a set T of transitions 
A — >-,4 (A', 7'); intuitively these are allowed transitions from A G f(X®). We also fix tran- 
sitions Aj — (A^, 7') for i = 1, 00. This choice of transitions gives us a compressed 
configuration c = (7A1 . . . X' t , /', A^), where 

7= IJ 7, / uU{7 / :(A^(A', 7 , ))er,AGA / }, 

i=l...,i,oo 

/'(A ) ={A' : (A (A', 7')) G T, A G /(A )}. 
We add c into C(cb). 

For the first statement of the lemma, take Co G exp(co, X® . . . X®) and consider any 
successor c of Co that is reached using the transitions we have fixed. In particular we 
require that each transition from T is used at least once. Take c as calculated above. Then 
directly from the definition we get c G exp(c, A]* . . . A?). As the choice of transitions was 
arbitrary this gives the first statement of the lemma. 

Now consider some c G C(cq). It is of the form (7A1 . . . A{, /', A^). According to 
the above, it was constructed from Co using some transitions Aj (A^Tj) for i = 

1, 00 and some set of transitions T ■ Take c G exp(c, A? . . . X k ). We have that c is 
of the form (7^ . . . AJ AJ +1 . . . X' l+k , A^) where A' x . . . A; are as in c and for i = l,...,k 

we can choose from T transitions A; + j (Aj +i ,7j +i ) such that A; + j G /(A°). Take 

Co = (Ai • • • A;A/ + i, . . . , A^ + fc, Aqo), i.e. a configuration whose components are predecessors of 
transitions we have selected. We have cq G exp(co, X® . . . A?) by the definition of expansion. 
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Let d = (-y'X^ . . . X' l+k , A^) with 7' = Ui=i ... z+fc 00 Ti- Observe that 7' may be a proper 
subset of 7 if not all transitions from T have been used. Then d < r c and there is a 
transition cq d. 

□ 

The following lemma says that we may list a big enough portion of all configurations 
reachable from some cq (similarly like in step two of the decision procedure, Lemma l3,16p 
and moreover that size of this portion is bounded by a constant. 

Lemma 3.26. For every Aoo G Aoo we can construct a set Cy,*{X co ) such that for every 
Ai . . . A fc G A* 

• if (Ai . . . Afc, Aqo) -» c /or some c £/zen £/iere is c' < r c such that 
d G Exp(C s *(X oa ), Ai ...A fc ); 

• if c £ Exp(C-E* (Aoo), Ai . . . Afc) i/ien £/iere is c' ^ r c uni/i (Ai . . . A&, Aoo) -» d . 

Proof. Take the compressed configuration cq = (e, sgl, Aoo), where, as before, sgl(A) = {A}. 
We define a set C of compressed configurations as a closure of {cq} on the operation defined 
in Lemma 13.251 This set may be infinite but we do not worry about it for the moment. We 
show first that it satisfies the requirements of the lemma. 

s* 

Take some Ai . . . A& G A| and c such that (Ai . . . A^, Aoo) -» c. We need to show that 
we can find an extended configuration c G C such that c G exp(c, Ai . . . A&). The proof is 
by easy induction on the number of transitions. For the base step we have (Ai . . . A/%, Aoo) G 
exp(cQ, Ai . . . Afc), and the induction step is given by the first statement of Lemma 13.251 

Now, suppose that c G C and c G exp(c, Ai . ..A&). An induction using the second 

statement of Lemma 13.251 shows that there is d ^ r c such that (Ai . . . A&, Aqo) — » d . 

In order to reduce C to a finite set we once again use well-quasi-orders. We define a 
relation C on compressed configurations: 

(Ai • • • X v , f, X'oo) E (Ai . . . A;, /, Aoo) 

(Ai . . . X' v , < r (Ai . . . A,, Aoo) and / = /'. 

This relation is a well-quasi-order. We take C-£*(X oc ) to be the set of minimal elements in 
this quasi-order. It is clear that Exp(C%* (Aqo), Ai . . . A&) C Exp(C, X\ . . . A&) for arbitrary 
Ai...Afe. So, by the above observations the second property of the lemma holds. For 
the first property observe that whenever <? C c and c G exp(c, Ai . . . A^) then there is 
d G exp{3 , Ai . . . Afe) with c' < r c. □ 

Lemma 3.27. There is an algorithm that given a set Y upward closed with respect to the 
< r relation computes a constant Ms*(Y) such that the size of every minimal element of 
pr&£*(Y) is bounded by M%*(Y). 

Proof. There are only finitely many different C(Aoo) constructed in the above lemma. Let 
Ms* be the maximal possible value of _B(Y,C(Aoo)) (cf. Lemma f3.23[) 

Suppose Co = (A5 • • • A°, A^) is a minimal element of pre\*(Y). Take the set C(Ao^) as 
given by Lemma r3.261 We have that Exp(C^* (A^), X\. . . A°) C Y by the second statement 
of this lemma. From Lemma 13.231 we get a subsequence X\ . . . Aj of X\ . . . A^ whose length is 
bounded by B(X, C(A°,)) < M s * and such that Sxp(C s »(A^), X[ . . . A{) C Y. By the first 
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statement of Lemma T3, 261 we get that (A' x . . . AJ, A^) G prej ] *(Y). By the minimality of Co, 
we have that Co = (A' x . . . A^, Aj 3 ,), so its length is bounded by Ms* + 1. □ 

The last step before proving Lemmas 13,181 and 13.191 consists of two simple observations. 

Lemma 3.28. For every set X upward closed with respect to ■< relation, the membership 
in Y = pre^ el3L (X) is decidable. Moreover Y is a ^.-upward closed set. 

Proof. The first part of the lemma is obvious, it suffices to test all possible transitions that 
are explicitly characterized in Lemmas 13.101 and 13.121 The second part follows from the 

property that we have already noticed before (page [TBI) : if c[ -< r c\ and c\ ^ — V ^ C2 then 

also c[ ^ — V ^ d 2 with some d 2 ^ C2 . □ 

Lemma 3.29. For every set Y upward closed with respect of ^ r relation, the membership 
in pre^* (Y) is decidable. 

Proof. Given a configuration c we need to decide if c £ pre^*{Y). We apply successively 
transitions to c constructing a part of the reachability tree. We stop the development in 

a node if it has an ancestor smaller with respect to ^-relation. As -< r is a well-quasi-order, 

and the branching at each node is finite, we get a finite tree t. 

It remains to argue that this construction is correct. If in the above process we find a 

configuration that is not in Y then clearly c is not in pre\«(Y). For the other direction, 

assume conversely that there is d ^ Y with c —» d. Choose c' ^ Y so that the length of a 

derivation c — » c' is the smallest possible. We show that c' € t. Recall that Lemma 13.111 
characterizes transitions on letters. Directly from this characterization we obtain that if 
c'i dtr c i an d c\ — > C2 then also c' x — > c' 2 with some c' 2 r^ r c-2- Using this fact, we get that 

if c' is not in t then there is d! -< d such that the derivation c -» d' is shorter than c —» d. 
This is impossible by the choice of d . □ 

Proof (of Lemma 13. 18j) 

Take an upward closed set X. By Lemma 13.241 we can compute a constant M de i ay that 
bounds the size of minimal elements in Y = pre\ el&J {X). Using Lemma 13.281 we can find 
the minimal elements of Y by enumerating all configurations of size bounded by M de i ay . 
Observe that Y is ^ r upward closed. 

Once we have computed Y, Lemma [3 . 271 gives us a constant Ms* (Y) bounding the size 
of minimal elements in pre^*(X) = pre^ t (pre delay {X)). 

□ 

Proof (of Lemma 13. 19[) 

We first compute the set Y = pre delay (X) as described above. We can then use Lemma r3.29l 
to test for the membership in pre^ t (Y) = pre^,{pre\ el&1 {X)). 

□ 



4. Constrained TPTL 



In this section we present a fragment of TPTL (timed propositional temporal logic) that 
can be translated to automata whose emptiness problem is decidable by Theorem 13 .11 We 
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compare this fragment with other known logics for real time. We will be rather brief in 
presentations of different formalisms, and refer the reader to recent surveys [91 126]. 

TPTL[8j is a timed extension of linear time temporal logic that allows to explicitly set 
and compare clock variables. We will consider the logic with only one clock variable that 
we denote TPTL 1 . The syntax of the logic is: 

p \ x.a |x~c|aA/3|aV/3| aU/3 | aU/3, 

where p ranges over action letters, x is the unique clock variable, and x ~ c is a comparison 
of x with a constant with ~ being one of =,^, <,<,>,>• We do not have negation in the 
syntax, but from the semantics it will be clear that negation is definable. 

The logic is evaluated over timed sequences w = (ai, ii)(a2, £2) ■ ■ ■ We define a satis- 
faction relation w,i,v \= a saying that a formula a is true at a position i of a timed word w 
with a valuation v of the unique clock variable: 

w, i, v 1= p if Oj = p, 

w,i,v 1= x ~ c if ti — v ~ c, 

w,i,v\=x.a if w,i,ti \= a, 

w,i,v 1= aU/3 if 3j>j (w,j, v \= j3 and Vfcg^j) w, k,v \= a), 
w,i,v\= aU/3 if Vj>j (w,j,v 1= j3 or 3j, e uj\w, k, v 1= a). 
As usual, "until" operators permit us to introduce "sometimes" and "always" operators: 

Fa = tWa, Ga = ffVa. 

For the following it will be interesting to note that the two "until" operators are inter- 
definable once we have "always" and "sometimes" operators: 

aU/3 = G/3 V piJa, aU/3 = F[3 A /3Ua. 

Observe that TPTL 1 subsumes metric temporal logic (MTL). For example: aU(oj)/3 of 
MTL is equivalent to x.(aV((x < j) A 13)). We will not present MTL here, but rather refer 
the reader to [10] where it is also shown that the following TPTL 1 formula is not expressible 
in MTL (when considered in the pointwise semantics): 

x.(F(bAF(cAx < 2))). (4.1) 

The satisfiability problem over infinite timed sequences is undecidable for MTL [22J, 
hence also for TPTL 1 . Using our decidability result for alternating timed automata, we can 
nevertheless find a decidable fragment that we call Constrained TPTL. The definition of 
this fragment will use an auxiliary notion of positive TPTL 1 formulas. These formulas can 
be translated into alternating automata where all states are accepting. The set of positive 
formulas is given by the following grammar: 

p | x.ip \ x^c\(p\/ip\(pAip \ (pUip | F((x < c) A ip) 

The set of formulas of Constrained TPTL is: 

p | x.a |x~c|aV/3|aA/3 |aU/3 | ip (p positive. 

Observe that the formula (|4.ip belongs to the positive fragment if we add redundant (x < 2) 
after b. 

Theorem 4.1. For a given Constrained TPTL formula a it is decidable whether there is a 
non Zeno timed word that is a model of a. The complexity of the problem cannot be bounded 
by a primitive recursive function. 
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Proof. It is enough to give a translation from formulas to automata in the class from The- 
orem 13. 11 The translation is on the syntax of the formula. 

We start with the automaton for positive formulas. The set of states of an automaton 
for a formula will consists of all subformulas of the formula. A state associated to a formula 
a will be denoted by [a]. The intended semantics is that a timed word w is accepted from 
[a] iff w, 1, N a. 

The transition relation of the automaton is given in the following table. 

b] T [x ~ c] T 



[a V 0\ [a] V [(3} [a A 0[ [a] A [(3} 

[x.a]-^ [a] 

x:=0 

[aU/3] [a] V {[13] A [aU/3]) 
[F/3] [f3] V 

The transitions follow directly the semantics of formulas; state T is a special state from 
which every timed word is accepted. As our automaton is alternating, on the right hand 
side of the transition we can write a boolean expression on successor states. We should also 
explain labels * and e over transitions. Transition — -> is just a shorthand for transitions 
on all letters of the alphabet. Transitions — and — > can be seen as eager e-transitions of 

x:=0 

the automaton: they are executed as soon as they are enabled. The other way is to consider 
them as rewrite rules where the real transition of the automaton is obtained at the end of 
the rewriting, i.e., reaching a transition on a letter. In this interpretation we should not 
forget to accumulate resets. For example, the above rules give 

[x.(aVP)] -A [a] V A [aU/3]) 

x:=0 

as a "real" transition of the automaton. 

All the states are accepting. Notice that in the case of positive formulas we will have 
a state [F/3] only when f3 is of the form (x < c) A (3' . As we consider only non Zeno words, 
this assures that the language accepted from this state is correct even if the state [F/3] is 
accepting. 

For other formulas of Constrained TPTL we first assume that for every positive formula 
we have already an automaton constructed by the above procedure. We then use the clauses 
above and the clause for the U operator 

[aU0\ — > [f3] V ([a] A [aU/3]) 

to construct the part of the automaton corresponding the remaining formulas. The ac- 
cepting states are all those corresponding to positive formulas. All the other states are 
rejecting. 

A standard argument based on induction on the size of the formula shows that the 
translation is correct. For the complexity bound announced in the statement of the theorem, 
it is enough to check that the proof of the same complexity bound for alternating timed 
automata over finite words [T7] can be translated into Constrained TPTL. □ 
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4.1. Relation with other logics. Safety MTL [24J can be seen as an MTL fragment of 
positive TPTL. Indeed, both formalisms can be translated to automata with only accepting 
states, but the automata obtained from MTL formulas also have the locality property 
(cf. [21] )• This property ensures that the clock is always reset when changing state. The 
example (|4.ip shows that this is not the case for positive TPTL. The satisfiability problem 
for both logics is non-elementary |25j . 

Using equivalences mentioned above FlatMTL[12j with pointwise non Zeno semantics 
can be defined set of formulas of the grammar: 

p | a V /3 | a A (3 | aUj/3 | xU//3| x J bounded and % G MITL, 

where MITL is a version of MTL in which we do not allow equality constraints [6]. The 
original definition admits more constructs, but they are redundant in the semantics we 
consider. 

Both FlatMTL and Constrained TPTL use two different sets of formulas. The MTL 
part of the later logic would look like 

p | a V j3 | a A f3 | oUj/3 | cp ip positive. 

From this presentation it can be seen that there are at least two important differences: (i) 
constrained TPTL does not have restrictions on the left hand side of "until", and (ii) it 
uses the positive fragment instead of MITL. We comment on these two aspects below. 

Allowing unrestricted "until" makes the logic more expressive but also more difficult 
algorithmically. For example, to get the non primitive recursive bound it is enough to use 
the formulas generated by the later grammar without the clause for positive formulas. This 
should be contrasted with the ExPSPACE-completeness result for FlatMTL |12j . 

The use of positive fragment instead of MITL is also important. The two formalisms 
are very different in expressive power. The crucial technical property of MITL is that a 
formula of the form a\Jj/3 can change its value at most three times in every unit interval. 
This is used in the proof of decidability of FlatMTL, as the MITL part can be described in 
a "finitary" way. The crucial property of the positive fragment is that it can express only 
safety properties (and all such properties). We can remark that by reusing the construction 
of [22] we get undecidability of the positive fragment extended with a formula expressing 
that some action appears infinitely often. Theorem 15.21 presented in the next section implies 
that this is true even if we do not use punctual constraints in the positive fragment. In 
conclusion, we cannot add MITL to the positive fragment without losing decidability. 

5. Undecidability without testing for equality 

Ouaknine and Worrell [22] have proved undecidability of MTL over infinite words in the 
case of pointwise semantics. Their construction immediately implies that the decidability 
result from the last section is optimal if classes of accepting conditions are concerned. 

Theorem 5.1 (Ouaknine, Worrell). It is undecidable whether a given one-clock universal 
timed automaton A with weak (1,2) conditions accepts some non Zeno word. 

Recall that weak parity conditions were defined on pagedj weak (1, 2) condition means 
that each accepting run contains only accepting states, or reaches T. The construction in 
op. cit. relies on equality constraints. Indeed, if we do not allow equality constraints in 
MTL then we get a fragment called MITL, and the satisfiability problem for MITL over 
infinite words is decidable [6]. 



WEAK ALTERNATING TIMED AUTOMATA 



21 



In this section we would like to show that a similar phenomenon is very particular to 
MTL and does not occur in the context of automata. We show that the undecidability 
result holds even when automata are only allowed to test if the clock is bigger than 1. 

Theorem 5.2. It is undecidable if a given one-clock universal timed automaton A with 
weak (1,2) conditions accepts some non Zeno word, even when A does not use tests for 
equality. 

Remark: The above theorems stay true if we replace "non Zeno word" by "any word" . 
This is because we can restrict the language of an automaton to non Zeno words: the set 
of non Zeno words is accepted by an automaton with weak (1,1) conditions. 

To prove Theorem 15.21 we encode a problem of deciding whether there is a run of a 
counter machine with insertion errors satisfying a (strong) Biichi condition. This section 
is split in two parts. In the first we introduce counter machines with insertion errors, and 
show undecidability of the problem in question. In the second we give an encoding of this 
problem into the emptiness problem for automata with weak (1,2) conditions. 

Machines with insertion errors. A k-counter machine with insertion errors Ai 9 has 
configurations (q, c 1 , . . . , c k ) consisting of a control state q € Q and values of the counters 
c l 6 N. There are three kinds of transitions: (q : c l := c l + l;goto q') or {q : if c l = 
then goto q') or (q : if c % > then c l := c l — 1; goto q'). The set of transitions 5 of Ai 9 
gives rise to a relation between configurations, describing a single step of Ai 9 . The machine 
has insertion errors, which means that before and after every step it may increase any of 
its counters by any value. We will denote this by (q, c 1 , . . . , c k ) — > (q 1 , c' 1 , . . . , c' k ), to say 
that we may reach configuration (q', c' 1 , . . . , c' k ) from (q, c 1 , . . . , c k ) using some transition 
from 5 and possibly increasing some counters before and after the transition. The initial 
configuration of the machine Ai 9 is (qo, 0, . . . , 0). Together with the machine there is given 
some subset of states Q aC c != Q- We say that a run of Ai 9 satisfies the Biichi condition if 
in infinitely many of its configurations there appears a state from Q a cc- 

Theorem 5.3 (Ouaknine, Worrell [22]). It is undecidable whether a given 5-counter ma- 
chine with insertion errors Ad 9 has a run satisfying the Biichi condition. 

For completeness, we give a short proof of Theorem 15.31 by reduction to boundedness 
of a lossy 4-counter machine. The principle of lossy k-counter machine is similar to that 
with insertion errors, with a difference that before or after every step it may decrease any 
of its counters by any value (instead of increasing). We say that a run of such a machine 
is bounded, iff there is a common bound for values of all counters in all configurations 
throughout the run. We will use the following result. 

Theorem 5.4 (Mayr |18|). It is undecidable whether every run of a given lossy 4-counter 
machine Ai 1 is bounded. 

Proof of Theorem \5.3[ Coming back to insertion errors, first note that a counter machine 
with insertion errors is exactly the same as lossy counter machine working backward. Let 
At 1 be a given lossy 4-counter machine. We construct a 5-counter machine Ai 9 that can 
simulate in a backward fashion a computation of Ai 1 on the first four counters. This machine 
is able to go from a configuration (q, c 1 , c 2 , c 3 , c 4 , c 5 ) to a configuration (qo, 0, 0, 0, 0, c 5 ) iff Ai 1 
can go from (go, 0, 0, 0, 0), that is the initial configuration, to (q,^ ,c 2 ,c^ ,c i ). Additionally 
to the states of Ai 1 , the machine has some auxiliary states, among them an accepting state 
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g acc . The machine will start in the state g aC c, and this state will be reachable only from 
a configuration (go, 0, 0, 0, 0, c 5 ). In the state g acc , the machine increases c 5 by 1 and then 
(in a nondeterministic way) increases counters c 1 ,c 2 ,c^, so that c 1 + c 2 + c 3 + c 4 > c 5 . 
To do that it may the move value of c 5 simultaneously into c 1 and c 2 , then move value 
from c 2 back to c 5 and finally while decreasing c 1 increase c 2 ,c 3 ,c 4 . After that it chooses 
a state of A4 l and starts computing backward (using only the first four counters). When 
configuration (go, 0, 0, 0, 0, c 5 ) is reached we make the machine to go to (^Qacci 

0,0,0,0,c 5 ). 

Assume that A4 l has an unbounded computation. We will show that Ai 9 has a run 
visiting q acc infinitely often. Suppose that some initial fragment of this run is already 
constructed and we are in a configuration (g acc , 0, 0, 0, 0, c 5 ) for some value of c 5 . As Ai l 
has an unbounded computation, it can reach a configuration (g, c 1 , c 2 , c 3 , c 4 ) with the sum 
of the counters bigger than c 5 + 1. We increase c 5 by 1, distribute c 5 into other counters 
to get the values c^,(P,c 3 ,c , we choose the state q and then execute the computation of 
Ai l backwards, starting from (q, c 1 , c 2 , c 3 , c 4 ). When reaching (go, 0, 0, 0, 0, c 5 + 1) we go to 
{qacc, 0, 0, 0, 0, c 5 + 1) and repeat this process. This gives the required infinite computation. 

For the opposite direction, assume that there is a computation of M 9 satisfying the 
Biichi condition. Every appearance of q acc is followed by some initialization, and by a 
backward computation of starting in a configuration of size bigger than the value of c 5 
and ending in (go, 0, 0, 0, 0). However, every time this happens the value of c 5 increases by 
at least one. So we get computations of A4 l ending in bigger and bigger configurations. By 
Konig's lemma, there exists also an unbounded computation of A4 l . □ 

Encoding machines into alternating automata. Now we return to the proof of Theo- 
rem [521 which occupies the rest of this section. For given 5-counter machine with insertion 
errors Ai 9 we will construct an alternating one-clock timed automaton A that accepts some 
infinite word iff A4 9 has a run satisfying the Biichi condition. The input alphabet of A will 
consist of the instructions of Ai 9 and some auxiliary letters whose use will be explained 
later, 

S = 5 U {she, sh$, new, init}. 

As states of A we take 

Q+ = Qm U {1, 2, 3, 4, 5, $, goo , q init } and Q_ = {q_}. 

States Qm U {1, 2, 3, 4, 5} will be used to represent configurations of M 9 : the current state 
and the values of the five counters. States g^ and g_ will encode the condition on successful 
runs. State $ is important for technical reasons explained later. State qi n u is just the initial 
state that will not be reachable from other states. 

In our description below we will consider the characterization of acceptance given by 
Lemma 13.31 In this presentation a run of A is a sequence 

<H,ti a 2 ,t 2 
P 1 ^ P 2 P 3 ---, 

where each Pi C V(Qa x H^ + ) is a set of pairs (g, v) consisting of a state of A and a valuation 
of the clock. We call such a set an extended configuration of A, or an e- configuration for 
short. Compared with Lemma [3 .31 we have joined together a transition letting the time pass 

with an action transition and write just "^4 transitions. In what follows we will use only 
two regions: X\ = [0, 1] and = (1, oo). 

Definition 5.5. An e-configuration P of A is well-formed if: 
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• For every (q, v) G P: if g G {1, . . . , 5, $} then v G Xi, and f G Xoo otherwise. 

• For every v G X\ there is at most one q with (g, v ) G P. 

• In P there is exactly one pair with a state from Qai > exactly one pair with the state g^ , 
and no pairs with qi n %t- 

• Suppose (g, is in P where q G {1, . . . , 5}. Then this pair is immediately preceded by 
some ($,v f ) (there is no pair (q",v") in P with v' < v" < v). 

Intuitively, a well-formed e-configuration is divided into two parts: the set of pairs with 
the clock value in X\ and those in X^. The first part can be seen as representing a word 
over {1, . . . , 5, $} that is obtained by using the standard order on clock values. From the 
conditions above it follows that this word is of the form $ + qi 1 $ + qi 2 . . . $ + gi n $*; where qi k G 
{1, . . . , 5}. Such a word represents values of the counters when the value of the counter c 7 
is equal to the number of j in the word. The clock values of pairs in X^ will not matter, so 
this part can be seen as a multiset of states. In this multiset there will be exactly one state 
from Qm representing the state of the simulated machine. State qoo plus some number of 
states g_ will be there to encode a condition on a successful run. 

The automaton A will pass also through e-configurations that are not well-formed, but 
in its accepting run it will have to repeatedly return to well-formed e-configurations. 

Example 5.6. Consider an e-configuration 

rct;0.1 -1 0.2 $0.3 $0.4 o 0.6 $0.8 -.0.9 J> „5 „5 i 

where for readability we write a pair ($,0.1) as $ 01 ; and similarly for all other elements 
of the set. This e-configuration is well-formed and encodes the configuration (g, 2, 1, 0, 0, 0) 
of A4 9 . Observe that there are infinitely many well- formed e-configurations encoding this 
configuration of M . 

Now we describe transitions of the automaton. In order to have an intuition for reading 
the rules below it is important to observe that if the automaton reads a letter a then all 
states in its current e-configuration have to make a transition according to some rule labeled 
a. In consequence, if there is a state in the e-configuration that does not have a rule for a 
then the automaton cannot read a. 

The automaton starts in the state qi n u and waits at least one time unit to start its two 
copies: one in a state go and another in g^ (where go is the initial state of M 9 ), 

T ini t A 

Qinit, -L-oo > Q0 A g^. 

This means that the e-configuration becomes {(go,^), (<loo,v)} with v G X^. 
States $ for clock values < 1 are preserved by any transition, 

$,2i-^»$, VdGS. 

Similarly states 1, ... ,5, with the exception that a transition checking for zero should not 
be possible if the corresponding counter is non-zero, 

i,X\ — > i Vi = 1, . . . , 5 Vcr ^ (g : if c l = then goto g'). 

When the clock value for a pair with $ or i becomes greater than 1, it may be reset, 

$,Xoo ^% ($, reset), 

i,Xoo —> $ A (i, reset) Vi = 1, . . . , 5, 

g,Xoo q q G Qm U {goo,g-}, o = sh$ or a = she. 
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Note that the transition on $ reads a different letter than that on i. In consequence, if in 
a e-configuration there are pairs with both $ and i having clock values in then neither 
sh$ nor she are possible. As we will have no more transitions from ($,1^) this means that 
the automaton will be blocked in such e-configuration. 

Now we consider moves on transitions of the machine A4 9 . For a = (q : if c 1 = 
then goto q') we just do 

g,2oo — > q . 

Note that, thanks to earlier restriction, the transition is possible only when there are no i 
states in the e-configuration. For a = {q : if c l > then c l := c l — l;goto q') we do 

q, Zoo — >q , 

i 1 ) T . 

For a = (q : c % := c 1 + 1; goto q') we do 

q,loo — — > q A $ A (i, reset). 
As the machine should allow insertion errors, we add a transition 

q, Zqo —> Q A $ A (i, reset). 

Finally, we have special states qoo and g_, that are used to ensure that states from Q a cc 
appear infinitely often. The state goo produces repeatedly new g_ states, 

The state g_ is the only one, which is in so in the accepting run every g_ state has 
to disappear after some time. States g_ disappear, when there is a transition ending in a 
state from Q acc , 

Q-,Ioo —> T V(J= (...goto g'))?' G Qacc, 
g_,Xoo — » g_ for all other u. 

Example 5.7. Let us see how a transition cr = (q : if c 2 > then c 2 := c 2 — l;goto 52) 
is simulated from the e-configuration in Example 15.61 One possibility is to immediately 
execute a transition reading a. We get the e-configuration 

{$^,l0- 2 ,$^,$^,2 - 6 ,$ - 8 ,l°- 9 ,g 2 5 ,d,^} 
which is well-formed and encodes the configuration ((72, 2, 1, 0, 0, 0) of Ad 9 . The second 
counter has not been decreased, but this is correct as the machine is allowed to do incre- 
mental errors. 

If we really want to decrease the second counter, we have to ensure that a pair with 2 
is in the loo region. If we let pass, say, 0.2 units of time we get e-configuration 

ra>0.3 -.0.4 $0.5 $0.6 o 0.8 $1 1 1.1 „5.2 „5.2 „5.2i 

Then we execute a transition she and we get 

{1 )$ 0. 3)1 0. 4) $0.5^0.6^0.8^1^5.2^5.2^^ 

After time 0.1 we can execute a transition sh$, getting 

{$°, l 01 , $ - 4 , 1 ' 5 , $ - 6 , $ - 7 , 2 - 9 , i-\ q 5 : 3 , q 5 J} . 
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Then after 0.2 we execute a transition a, getting a well-formed e-configuration corresponding 
to (q 2 , 2, 0,0, 0,0): 

{$ 0.2 5 l0 .3 ; $ 0.6 5 1 0.7 ) $ 0. 8) $ 0.9 5 g 5. 5) fjrfjy . 

Now consider the transition a' = (q 2 : c 3 := c 3 + l;goto q^) of A4 9 . We execute 
a transition cr' from the above e-configuration after time 0.1 (recall that executing two 
transitions at the same time is forbidden), getting 

roO $0.3 -,0.4 $0.7 -,0.8 $0.9 $1 „5.6 „5.6 „5.6\ 

After additional time 0.1 we execute the transition sh$, getting a well- formed e-configuration 
corresponding to (q%, 2, 0, 1, 0, 0): 

r$0 oO.l $0.4 -,0.5 $0.8 -,0.9 $1 „5.7 ^5.7 _5.7\ 

Lemma 5.8. There exists a run of A4 9 satisfying the Biichi condition iff A accepts some 
infinite word. 

Proof. Assume that A4 9 has a run satisfying the Biichi condition. From the initial state, A 
may go to a well- formed e-configuration corresponding to the initial configuration of A4 9 . 
Then every step of A4 9 may be simulated by A: When A4 9 increases some of its counters, 
we may do the same using transitions on letters new and then sh$. When A4 9 executes 
a transition a = (q : if c l = then goto q') we may do the same in A reading letter a. 
When M? does a = (q : c l := c l + 1; goto q'), we do the same reading letter a and then sh$. 
It is easy to check, that after each step the resulting e-configuration remains well-formed. 

The only complicated transition is a = (q : if c l > then c % := c % — l;goto q'). 
Suppose that the automaton is in a well-formed e-configuration P. Let us look at the biggest 
valuation v < 1 appearing in P. By the conditions of well-formedness (c.f. Definition 15.5 j> 
there is exactly one state q € Q+ such that ((/, v) € P. This state can be one of 1, . . . , 5, $. 
The automaton lets the time pass so that v becomes greater than 1, but all other valuations 
from T\ stay in X\. If q = % then the automaton does a. Otherwise, it does sh$ or she 
followed by sh$ that has an effect of putting $ or $ followed by q at the beginning of the 
e-configuration. After this we obtain a well-formed e-configuration where the one but the 
maximal valuation before became the maximal one. These operations are repeated until 
q = i. We are sure that this process ends, as there is a state i in P. 

To ensure that the obtained word is nonZeno, we have to wait some time after every 
transition of A4 9 , doing she and sh$ if necessary. Observe that every state q~ would 
disappear when in the computation of KA 9 there is a transition ending in a state from Qa.cc- 
As this computation satisfies the Biichi condition, this will happen infinitely often. 

For the other direction, consider an accepting run of A on some word. In the first step, 
A has to reach a well-formed e-configuration corresponding to the initial configuration of 
M 9 . Let us see what may happen from any well-formed e-configuration. Suppose that time 
passes and the clock value for some states 1, . . . , 5, $ becomes greater than 1. If it happens 
simultaneously for state $ and some state i, then from the obtained e-configuration there 
will be no more transitions. If it happens only for state $, then the only possible transition is 
the one reading sh$ after which we go back to a well-formed e-configuration corresponding 
to the same configuration of A4 9 . If it happens just for some state i, then the automaton can 
read either she or some (q : if c 1 > then c % := c % — l;goto q'). If it reads she, then after 
that it has to read sh$, and we also are back in a well-formed e-configuration corresponding 
to the same configuration of Ai 9 . If it reads a = {q : if d > then c l := c l — 1; goto q'), 
then we immediately get a well-formed e-configuration. 
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Transitions reading she or sh$ when no state of 1, . . . , 5, $ has the clock value above 
1 does not change the configuration. A transition reading new has to be followed by a 
transition sh$ and we get a well- formed e-configuration with one of the counters increased. 
A transition reading a = (q : if c l = then goto q') is possible only when counter & is zero. 
After a transition reading a = (q : c l := c l + 1; goto q') there has to be a transition reading 
sh$ and we get a well-formed e-configuration that corresponds to a correct configuration 
of A4 9 . A transition reading a = (q : if c l > then c l := c l — 1; goto q') always gives us 
a well-formed e-configuration. The obtained e-configuration correctly represents the result 
but for the fact that the counter i may not be decremented. This is not a problem as we 
are simulating a machine with insertion errors, so we can suppose that the incrementation 
error has occurred immediately after execution of this instruction. 

The above argument gives some computation of Ai 9 constructed from an accepting 
computation of A. So every disappears after some time on that computation of A. This 
is only possible when reading a letter of the form (. . . goto q') with q' an accepting state 
of A4 9 . As q~ needs to disappear infinitely often, the obtained computation of A4 9 is an 
infinite computation satisfying the Biichi condition. □ 

As the choice of counter machine M 9 was arbitrary and the construction of A from 
M? was effective, Lemma 15.81 implies Theorem 15.21 

6. Conclusions 

This paper presents a study of the emptiness problem for alternating timed automata. It 
gives a characterization of decidable cases of this problem in terms of the complexity of 
acceptance conditions. The main result shows that all the classes whose decidability has 
been left open are indeed decidable. This result gives new decidability results for logics for 
real-time. 

Given this characterization, in order to find other, bigger, classes of alternating timed 
automata with decidable emptiness problem we need to look closer at the structure of 
automata. In this paper one case has been studied, namely when no punctual constraints are 
used. This case was motivated by the phenomenon observed for metric temporal logic: while 
the logic is undecidable, it becomes decidable when punctual constraints are disallowed. The 
second main result of the paper shows that in the case of automata such a simple restriction 
does not work: one does not get a bigger decidable class even if one restricts to extremely 
simple constraints. This indicates that in order to obtain larger decidable classes, the 
structure of resets should be also examined more closely. 
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